 ██████╗██╗   ██╗██████╗ ██████╗     ██████╗██╗  ██╗
 ██╔════╝╚██╗ ██╔╝██╔══██╗██╔══██╗   ██╔════╝╚██╗██╔╝
 ██║      ╚████╔╝ ██████╔╝██████╔╝ ● ██║      ╚███╔╝
 ██║       ╚██╔╝  ██╔══██╗██╔══██╗   ██║      ██╔██╗ 
 ╚██████╗   ██║   ██████╔╝██║  ██║   ╚██████╗██╔╝ ██╗
  ╚═════╝   ╚═╝   ╚═════╝ ╚═╝  ╚═╝    ╚═════╝╚═╝  ╚═╝
────────────────────────────────── STAY SHARP ───

OpenClaw Flaws Enable RCE, Privilege Escalation — Patch Now

Today's cybersecurity digest — CVEs, headline news, quantum computing, and something weird. April 29, 2026

cybr.cx | Daily Digest — April 29, 2026


Critical Vulnerabilities

CVE-2026-41378 / CVE-2026-41404 / CVE-2026-42422 / CVE-2026-42426 — OpenClaw (Multiple, CVSS 8.8): Four high-severity vulnerabilities affect OpenClaw prior to versions 2026.3.31 and 2026.4.8, collectively enabling privilege escalation, role bypass, and remote code execution on gateways. Attackers with basic paired-node or operator.write credentials can chain these flaws — abusing unrestricted agent dispatch, persistent self-declared scopes, token minting for unapproved roles, and overly permissive pairing approval — to fully compromise gateway infrastructure. Patch to 2026.4.8 immediately; audit all paired-node credentials and operator scope assignments.

CVE-2026-41371 — OpenClaw pre-2026.3.28 (CVSS 8.5): A write-scoped caller can abuse the chat.send path to trigger admin-only session reset operations, rotating target sessions and wiping transcript state without admin privileges. This is a lower-friction escalation than its siblings above — any user with write scope is a potential threat actor. Upgrade and review scope assignments.

CVE-2026-7160 — Tenda HG3 2.0 (CVSS 8.8): Remote command injection via the formTracert function, exploitable by manipulating the datasize argument. Exploit code is publicly available. Consumer and SOHO routers running this firmware are exposed to full device compromise. No patch is currently listed; isolate or replace affected devices.

CVE-2026-7288 / CVE-2026-7289 — D-Link DIR-825M 1.1.12 (CVSS 8.8 each): Two distinct remotely exploitable buffer overflows in the VPN and WAN configuration handlers. Both exploits are public. D-Link end-of-life devices with no upstream patch path should be treated as permanently compromised if internet-facing — replace them.


Headline News

'Firestarter' Malware Persists Through Cisco Firewall Patches

A sophisticated malware strain dubbed "Firestarter" has been confirmed to survive firmware patches on affected Cisco firewall devices, prompting CISA to issue an unusually blunt advisory: pull the mains power to kill it. Unlike typical persistent implants that can be evicted via software remediation, Firestarter appears to embed itself in a manner that survives standard patching and reboots, making physical power cycling the only confirmed eradication method. This is a significant operational headache for enterprise and critical infrastructure defenders who rely on in-band management and high-availability configurations. Security teams should treat any Cisco firewall in the affected product range as potentially compromised, isolate it from production traffic, and plan for physical intervention — remote remediation is not sufficient here.

Chinese State-Linked Hacker Extradited to Face US Charges

A threat actor allegedly conducting cyberattacks on behalf of Chinese intelligence has been extradited to the United States, marking a notable escalation in the US government's willingness to pursue foreign state-linked operatives through judicial channels. The individual faces charges tied to intrusion campaigns that align with long-documented Chinese espionage tradecraft targeting government, defence, and critical infrastructure sectors. Extraditions of this nature are rare and diplomatically sensitive — this one signals continued pressure on the infrastructure that enables state-sponsored operations and may prompt associated threat actors to modify TTPs or go dark temporarily. Defenders tracking APT clusters with Chinese attribution should monitor for shifts in tooling or operational cadence in the near term.

OpenSSH Flaw Allegedly Enabled Root Access for 15 Years

A newly disclosed vulnerability in OpenSSH is reported to have existed undetected for approximately 15 years, potentially allowing full root access to affected systems. Given OpenSSH's near-universal deployment across Linux servers, network appliances, embedded systems, and cloud infrastructure, the blast radius here is difficult to overstate — this is the kind of long-lived flaw that retrospectively calls years of assumed-secure remote access into question. Details on affected versions and patch availability are still emerging, but practitioners should prioritise patching OpenSSH across all managed assets immediately and review access logs for anomalous authentication patterns that may indicate prior exploitation. The 15-year window means historical forensic confidence in SSH-authenticated sessions is materially reduced.


Schrödinger's Feed

Haiqu and HSBC Crack a Quantum Data Encoding Bottleneck

Quantum middleware firm Haiqu and HSBC have published peer-reviewed research in Physical Review Research demonstrating a scalable method for quantum state preparation — the process of encoding classical data into quantum systems, which has long been one of the field's most stubborn practical obstacles. Solving this efficiently is a prerequisite for running meaningful quantum algorithms on real-world financial and cryptographic data, not just synthetic benchmarks. The involvement of a major global bank as a co-author signals that applied quantum research is moving from lab curiosity to institutional priority faster than many anticipated. Practitioners working on post-quantum cryptography timelines should note: if data encoding bottlenecks are being resolved at pace, the window between "quantum is theoretically threatening" and "quantum is operationally threatening" may be narrowing.


/dev/random

OpenAI Models, Now Available in Your AWS Bill

OpenAI and AWS have announced that OpenAI models are coming to Amazon Bedrock, meaning enterprises can now pipe GPT-family outputs directly into their existing cloud infrastructure — and, presumably, their existing cloud security nightmares. The partnership unites two of the most aggressively adopted platforms in enterprise tech, which is either a convenient consolidation or a very efficient single point of failure, depending on your threat model. Sam Altman and the AWS CEO apparently sat down to discuss the integration, which at least confirms this wasn't decided entirely by an AI agent — though given recent headlines about a coding agent wiping an entire company database in nine seconds, perhaps human oversight remains marginally preferable.